What does “attack surface” mean? I see the attack surface as the entire network and software environment exposed to remote or local attacks. Others define it as the sum of compromised points, although that describes the attack vectors, not the attack surface.
An attack surface refers to all the ways attackers can exploit your apps. This includes software, operating systems, network services and protocols, domain names, and SSL certificates.
A classic example to help illustrate the concept of attack surface is your business’s physical office. What’s the attack surface of your local office?
The answer is simple: doors, windows, safe boxes, etc. What about your home? Even simpler: front and back doors, windows, garage doors, climbable trees or tables, etc.
The difference between detecting a breach in your home and detecting one in your company’s online attack surface comes down to the size of the area and the many complex regions it includes.
You’d clearly notice if someone had broken a window or forced open the door in your home. It’s even easier to have a home alarm system that notifies you immediately.
However, because of the extensive network, software, protocols, and services running within an online company, determining which part of the attack surface was the origin of a breach or intrusion can be tricky, even with a solid IDS, application firewalls, and notification alerts in place. Most of the time, the breach may pass unnoticed.